Tracking Configuration Changes with AWS Config

You can use AWS Config to record configuration changes for CloudFront distribution
settings changes.
For example, you can capture changes to distribution states, price classes, origins,
geo restriction
settings, and Lambda@Edge configurations.

Note

AWS Config does not record key–value tags for CloudFront distributions.

Set up AWS Config with CloudFront

When you set up AWS Config, you can choose to record all supported AWS resources,
or you can specify only certain
resources to record configuration changes for, such as just recording changes
for CloudFront. To see the specific
resources supported for CloudFront, see the list of
Supported AWS Resource Types in the AWS Config Developer Guide.

To track configuration changes to your CloudFront distribution, you must log in to
the AWS Console in the US East
(N. Virginia) public region.

Note

There might be a delay in recording resources with AWS Config. AWS Config records
resources only after it
discovers the resources.

On the Settings page, for Resource types to record,
specify the AWS resource types that you want AWS Config to record. If you want
to record only CloudFront changes, choose Specific types, and
then, under CloudFront, choose the distribution or streaming
distribution that you want to track changes for.

To add or change which distributions to track, choose Settings on the left, after
completing your initial setup.

Specify additional required options for AWS Config: set up a notification, specify
a location
for the configuration information, and add rules for evaluating resource types.

View CloudFront Configuration History

After AWS Config starts recording configuration changes to your distributions, you
can get the configuration history
of any distribution that you have configured for CloudFront.

You can view configuration histories in any of the following ways:

Use the AWS Config console. For each recorded resource, you can view a timeline
page, which provides a history of configuration details. To view this page,
choose the gray icon in the
Config Timeline column of the Dedicated Hosts page. For more
information, see Viewing Configuration Details in
the AWS Config Console in the AWS Config Developer Guide.